<?php
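if (isset($_SESSION['perm']) && $_SESSION['perm'] == 2) {
	// Account-settings page for a logged-in client (perm 2).
	// Relies on the including script for $dbc (mysqli) and $_SESSION['userId'];
	// every query below is scoped to that session user's own row.
	// $_SESSION['perm'] may be stored as int or string, hence the loose check above;
	// normalise once so the rest of the page can compare strictly.
	$perm = (int) $_SESSION['perm'];

	$errors = array();

	// Defaults so every field is defined even if the account lookup fails.
	$username = $fname = $lname = $phone = $email = $company = '';
	$currentpwd = '';   // stored password hash, server-side only
	$salt = '';         // stored salt, server-side only
	$password = '';     // new password as typed (never echoed back into the page)
	$retyped = '';

	// The stored hash and salt are always read here, on the server. They are not
	// written into the form and are not accepted back from the browser: a client
	// must never be able to see its own hash or choose the hash/salt that gets saved.
	$sql = 'SELECT u.username, u.pwd, u.salt, u.fname, u.lname, u.phone, u.email, c.company
			FROM user u
			INNER JOIN client c
			ON u.userId = c.userId
			WHERE u.userId = ?';
	$stmt = $dbc->stmt_init();
	if (!$stmt->prepare($sql)) {
		$errors[] = 'Unable to load your account.';
	} else {
		$stmt->bind_param('s', $_SESSION['userId']);
		$stmt->execute();
		$stmt->bind_result($username, $currentpwd, $salt, $fname, $lname, $phone, $email, $company);
		$stmt->fetch();
		$stmt->close();
	}

	if (isset($_POST['updateAccount'])) { // user submitted the form
		// Editable fields come from the request; missing keys are treated as empty
		// rather than triggering notices.
		$username = isset($_POST['username']) ? trim($_POST['username']) : '';
		$fname    = isset($_POST['fname'])    ? trim($_POST['fname'])    : '';
		$lname    = isset($_POST['lname'])    ? trim($_POST['lname'])    : '';
		$phone    = isset($_POST['phone'])    ? trim($_POST['phone'])    : '';
		$email    = isset($_POST['email'])    ? trim($_POST['email'])    : '';
		$company  = isset($_POST['company'])  ? trim($_POST['company'])  : '';
		$password = isset($_POST['pwd'])      ? trim($_POST['pwd'])      : '';
		$retyped  = isset($_POST['conf_pwd']) ? trim($_POST['conf_pwd']) : '';

		// Leaving both password boxes empty means "keep my current password".
		// Strict comparison: hashes and passwords are strings and must never be
		// compared with the numeric-string rules of ==.
		$changePassword = ($password !== '' || $retyped !== '');

		$MinChars = 1;
		if (strlen($username) < $MinChars || strlen($fname) < $MinChars || strlen($lname) < $MinChars || strlen($phone) < 10) {
			$errors[] = "A field was left empty or has an invalid value.";
		}

		if ($perm === 2 && strlen($company) < $MinChars) {
			$errors[] = "Must provide your companies name.";
		}

		// Validate the same trimmed value that will be stored.
		if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
			$errors[] = 'Invalid Email';
		}

		if ($changePassword) {
			if ($password !== $retyped) {
				$errors[] = "Your passwords don't match.";
			}
			require_once ('./classes/Ja1/checkpassword.php');
			$checkpwd = new Ja1_CheckPassword($password);
			$checkpwd->requireMixedCase();
			$checkpwd->requireNumbers(2);
			$checkpwd->requireSymbols();
			if (!$checkpwd->check()) {
				$errors = array_merge($errors, $checkpwd->getErrors());
			}
		}

		if (!$errors) { // Store changes to DB if no errors
			$pwd = $currentpwd;
			if ($changePassword) {
				// NOTE(review): sha1(password . salt) with a time() salt is weak by
				// today's standards and the salt is predictable. It is kept because the
				// login code elsewhere expects this exact scheme; migrating to
				// password_hash()/password_verify() must be done together with that code.
				$salt = time();
				$pwd = sha1($password . $salt);
			}

			// Only the session user's own row can be affected (WHERE u.userId = ?).
			$sql = 'UPDATE user u 
					INNER JOIN client c 
					ON u.userId = c.userId
					SET u.username = ?, u.pwd = ?, u.salt = ?, u.fname = ?, u.lname = ?, u.phone = ?, u.email = ?,
					c.company = ?
					WHERE u.userId = ?';
			$stmt = $dbc->prepare($sql);
			if ($stmt === false) {
				$errors[] = 'No changes were made.';
			} else {
				$stmt->bind_param('ssssssssi', $username, $pwd, $salt, $fname, $lname, $phone, $email, $company, $_SESSION['userId']);
				$stmt->execute();

				if ($stmt->affected_rows == 1) {
					$success = 'Changes have been successfully made to your account.<br /><br />';
				}
				elseif ($stmt->errno == 1062) { // duplicate key: username is unique
					$errors[] = "That username is not available.";
				}
				else {
					$errors[] = 'No changes were made.';
				}
				$stmt->close();
			}
		} // END saving
	} // END SUBMIT
	?>


<!-- FORM FIELDS -->
    <h2>Account</h2><br />
	<?php
	// display messages
	// $result is not set in this file; its messages are echoed as-is because the
	// including script may intend markup there — TODO confirm at the caller.
	if (isset($result)) {
		foreach ($result as $message) {
			echo $message.'<br />';
		}
	}
	if (isset($success)) {
		echo $success.'<br />';
	}
	else {
		if (!empty($errors)) {
			// Error strings may contain text derived from user input, so they are
			// escaped for the HTML text context.
			foreach ($errors as $error) {
				echo "<font color='red'>" . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . "</font><br />";
			}
			echo '<br /><br />';
		}
	}
	?>
	<form id="updateAccountForm" method="POST" action="" enctype="multipart/form-data">

    <div style="float:left;width:525px;text-align:right; line-height:19px;">
		<label for="username">USERNAME:&nbsp;</label><br /><br />
        <label for="pwd">PASSWORD:&nbsp;</label><br /><br />
    	<label for="conf_pwd">RETYPE PASSWORD:&nbsp;</label><br /><br /><br />
        <label for="fname">FIRST NAME:&nbsp;</label><br /><br />
        <label for="lname">LAST NAME:&nbsp;</label><br /><br />
        <label for="phone">PHONE:&nbsp;</label><br /><br />
        <label for="email">EMAIL:&nbsp;</label>
    </div>

    <div style="float:left;text-align:left;line-height:20px;">
    	<?php
    	// Every pre-filled value is user- or database-supplied and is escaped for
    	// the double-quoted attribute context. The password boxes are intentionally
    	// left empty: neither the stored hash nor a previously typed password is
    	// ever written into the page.
    	?>
    	<input name="username" id="username" type="text" value="<?php echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
		<input name="pwd" id="pwd" type="password" onclick='value=""'><br /><br />
		<input name="conf_pwd" id="conf_pwd" type="password" onclick='value=""'><br /><br /><br />
        <input name="fname" id="fname" type="text" value="<?php echo htmlspecialchars($fname, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
        <input name="lname" id="lname" type="text" value="<?php echo htmlspecialchars($lname, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
        <input name="phone" id="phone" type="text" value="<?php echo htmlspecialchars($phone, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
        <input name="email" id="email" type="text" value="<?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
        <br />
    </div>

    <div style="width:1180px;float:left;"><div style="float:left;margin-left:425px;text-align:left;">
    	<input type="radio" name="perm" id="perm2" class="perm2" value="2" <?php if ($perm === 2) { echo 'checked'; } ?> />&nbsp;Client - Looking to hire.<br /><br /><br /><br />
    </div></div>

    <div id="client_form" <?php if ($perm === 2) { echo 'class="form_unhide"'; } else { echo 'class="hidden"'; } ?>>
    	<div style="float:left;width:525px;text-align:right; line-height:19px;">
        	<label for="company">COMPANY:&nbsp;</label>
        </div>
        <div style="float:left;text-align:left;line-height:20px;">
        	<input name="company" id="company" type="text" value="<?php echo htmlspecialchars($company, ENT_QUOTES, 'UTF-8'); ?>" onclick='value=""'><br /><br />
        </div>
    </div>

	<div style="width:1120px;float:left;text-align:center;">
    	<input name="updateAccount" id="updateAccount" type="submit" value="Update"><br /><br />
    </div>

    </form>

<?php
 } // end if session perm is client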
?>
